Russia dominated news headlines last year during the 2016 Presidential election campaign after the hacking of a Democratic National Committee server. United States had accused Moscow of being responsible for the DNC hack along with running a propaganda machine to influence election results. Following the election victory of Donald Trump, many have associated all such reports as a tactic to destabilize the new Trump administration. However, the Federal Bureau of Investigation and other US intelligence agencies have continued to probe into the matter.

In probably one of the first such cases, FBI has its hands on a witness who was the developer of the tool that was allegedly used by Russians in the DNC hack. The hacker known by his online moniker Profexer used to sell his work in the dark web marketplaces, but suddenly went dark last year after his malware was identified in the hack. The New York Times has reported that Profexer, a Ukrainian coder, turned himself in early this year and has now become a witness for the FBI.

“Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January – just days after American intelligence agencies publicly identified a program he had written as one tool used in the hacking of the Democratic National Committee,” the NYT reports.

“It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the D.N.C. hack and the heated debate it has stirred.”

Despite several independent analyses, the debate on this investigation has gone on for quite a while now, with law enforcement having apparently turning its eyes to Ukraine, an enemy of Moscow and a place that the Kremlin has long used “as a laboratory for a range of politicized operations.”

Most of the campaigns that were first reported in Ukraine were later seen attacking government agencies elsewhere, from Europe to United States. “In several instances, certain types of computer intrusions, like the use of malware to knock out crucial infrastructure or to pilfer email messages later released to tilt public opinion, occurred in Ukraine first,” the Times said. “So, not surprisingly, those studying cyberwar in Ukraine are now turning up clues in the investigation of the D.N.C. hack, including the discovery of a rare witness.”

The latest report from the NYT adds that there is no evidence that Profexer knowingly worked for Russia’s intelligence services, “but his malware apparently did.” He had shut down his website right after the Department of Homeland Security had identified his creation being used in the hack.

The Ukrainian police has declined to release his name or any other details except that he is living in Ukraine but hasn’t been arrested. The report cites Serhiy Demediuk of the Ukrainian Cyber Police who said in an interview that Profexer is a witness to the FBI. The US agency now has a full-time cybersecurity expert in Kiev, however, it hasn’t commented on this story.

It is unclear if Profexer actually knows anything about his clients, since the police has said the interaction between him and his clients was mainly online. Anton Gerashchenko, a member of Ukraine’s Parliament, said that “he [Profexer] was a freelancer and now he is a valuable witness.”